- Plesk for Windows
Vulnerability CVE-2020-13166 was discovered in myLittleAdmin: https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/
If myLittleAdmin is installed, an unauthenticated remote attacker can run arbitrary code on behalf of IUSRPLESK_sqladmin.
Call to Action
If you'd like to continue using myLittleAdmin without removing it:
Connect to the server via RDP
Delete the following lines from
If you are not using myLittleAdmin:
Remove myLittleAdmin from Plesk:
- Log in to Plesk
- Go to Tools & Settings > Updates > Add/Remove components and uncheck myLittleAdmin:
- Click Continue
As an alternative, to manage MS SQL databases it is recommended to use Microsoft SQL Management studio.
Note: Unlikely software vendor will issue any security patches/updates to address this vulnerability.
We are going to remove the ability to install this vulnerable software using Plesk soon.